Archive for June 2, 2016

Thursday, June 2, 2016

Sandbox Workaround for Blizzard Apps

Stefan Esser posted a screenshot of code where it looks like Apple’s OSes skip a sandbox check if the code is running under Blizzard’s team identifier. Stefan Esser:

I wonder why the iOS sandbox omits certain sandbox checks if code is signed by Blizzard Entertainment Inc.

It looks like if you are signed by blizzard you can execute whatever executables you find on an iOS device.

Luckily we all know that Blizzard Games never have remote vulnerabilities :-)

This struck people as dangerous and unfair, which perhaps speaks to how much faith developers have in Apple fairly enforcing its own rules. However, it turns out that it’s not actually a sandbox exception but rather a workaround for a crashing bug.

POM:

This path is for the access() call, not for the actual enforcement.

But it doesn’t mean they can execute, it means we make them believe they could.

John Gruber:

Practically speaking, all sandboxing rules still apply to Blizzard apps; workaround doesn’t allow operations that other apps can’t do too.

And Blizzard has fixed their updater, so the workaround shouldn’t be needed in next update.

My takeaway is that Apple will go to extraordinary lengths to avoid crashers in super-popular apps, even when it’s entirely the app’s fault.

The Secret History of Mac Gaming

Richard Moss has a Kickstarter-like book proposal (via Hacker News):

The Macintosh changed videogames. It seldom gets credit for this, but it did. It — and its tight-knit community — challenged games to be more than child’s play and quick reflexes. It showed how to make human computer interaction friendly, inviting, and intuitive.

Mac gaming led to much that is now taken for granted by PC gamers, including mouse-driven input, multi-window interfaces, and even online play. The Mac birthed two of the biggest franchises in videogame history, Myst and Halo, and it hosted numerous “firsts” for the medium.

[…]

The Secret History of Mac Gaming is the story of those communities and the game developers who survived and thrived in an ecosystem that was serially ignored by the outside world. It’s a book about people who made games and people who played them — people who, on both counts, followed their hearts first and market trends second. How in spite of everything they had going against them, the people who carried the torch for Mac gaming in the 80s, 90s, and early 2000s showed how clever, quirky, and downright wonderful videogames could be.

The work draws on archive materials as well as 60+ new interviews with key figures from Mac gaming’s past[…]

Yahoo Discloses National Security Letters

Yahoo (via Hacker News, Slashdot):

As part of our ongoing commitment to transparency, Yahoo is announcing today the public disclosure of three National Security Letters (NSLs) that it received from the Federal Bureau of Investigation (FBI). This marks the first time any company has been able to publicly acknowledge receiving an NSL as a result of the reforms of the USA Freedom Act.

[…]

As explained in our Transparency Report, an NSL is a type of compulsory legal process used by the FBI in national security investigations. The letters Yahoo is making public today were received in April 2013, August 2013, and June 2015, respectively. Yahoo complied with these three NSLs and, to the extent we had the information requested, we disclosed it as authorized by law. Specifically, we produced the name, address, and length of service for each of the accounts identified in two of the NSLs, and no information in response to the third NSL as the specified account did not exist in our system. Each NSL included a nondisclosure provision that prevented Yahoo from previously notifying its users or the public of their existence.